Hacktivists make NFTs out of the stolen passports of Belarusian officials

The inside and outside of a Belarusian passport, with a photo and the name of Alexander Lukashenko. Identifying details have been blurredOne of the NFTs (attribution)
A hacktivist group calling themselves the Belarusian Cyber Partisans managed to gain access to the entire passport records of Belarus last year. On August 30, they began selling NFTs created from the passport data of various Belarusian officials, including the country's authoritarian president, Alexander Lukashenko. Other passports include those of the head of the Belarusian KGB, Lukashenko's press secretary, and the country's prime minister.

The group is selling the NFTs for between 0.2 and 6.5 ETH ($300–$9,700), and say that all proceeds will go towards "our work in hitting bloody regimes in minsk & moscow".

OpenSea took down the NFT collection shortly after it was published.

OptiFi developer accidentally closes the project contract, irretrievably locking $661,000

OptiFi, a derivatives defi project, accidentally and permanently shut down the project smart contract, irretrievably locking up $661,000 — the project's entire fund. A developer had been trying to push an update to the project, and ran into issues related to Solana network congestion (a recurring issue). While trying to clean up from a partially-executed transaction, the developer accidentally ran a command that closed the project's primary smart contract.

OptiFi has promised to return user deposits and settle all positions. In a post-mortem, they wrote that they had learned that "Every deployment needs a rigorous process and single point failure can be avoided. Please don't rush like what we did, especially for defi projects". They further outlined a "peer-surveillance approach" in which three people would be required to deploy any changes together. They also asked the Solana team to implement a two-step confirmation for such a potentially destructive command.

Whistleblower website alleges that the creators of the Avalanche blockchain paid lawyers to attack competitors

Kyle Roche sitting in a dim restaurant setting, speaking and gesturing. A caption on the video reads "I'm just a crazy motherfucker".Roche in one of the secretly recorded videos (attribution)
An anonymous whistleblower website called "CryptoLeaks" has alleged that Ava Labs, the company behind the Avalanche blockchain, paid lawyers to sue competitors and obtain confidential information through legal discovery. The site includes secretly recorded videos of Kyle Roche, a founding partner of the Roche Freedman law firm which has filed class action lawsuits against numerous companies including Solana, Binance, and others. In some of the surreptitiously recorded videos, Roche is visibly drunk.

"A pact was formed that involved Ava Labs granting Roche Freedman a massive quantity of Ava Labs stock and Avalanche cryptocurrency (AVAX), now worth hundreds of millions of dollars, in exchange for Roche Freedman agreeing to pursue a hidden purpose," the site claims.

The site does include video clips of Roche saying some surprising things, although the clips are very short and devoid of context. The whole thing should be taken with a grain of salt.

Ava Labs founder Emin Gün Sirer dismissed the claims on the site as "conspiracy theory nonsense". Roche published a statement about the " numerous unsourced false statements and illegally obtained, highly edited video clips that are not presented with accurate context", in which he said that his statements about filing class action suits at the behest of Ava Labs were "false, and were obtained through deceptive means, including a deliberate scheme to intoxicate, and then exploit me, using leading questions. The statements are highly edited and spliced out of context."

CEO of Ragnarok metaverse game admits to treasury mismanagement, including nearly $2 million in trading losses and exorbitant salaries

Pixel art characters stand in a bar setting with a tiled floor made from hexagons. There are cardboard boxes, a jukebox, and a cook behind the bar.Ragnarok screenshot (attribution)
Ragnarok is a metaverse role-playing game that launched its character NFTs in April 2022. The project received $1.75 million in seed funding, plus another $17.5 million from NFT sales and royalties.

On August 26, CEO Fanfaron published a Substack post providing a breakdown of the project's finances, which he began by saying, "As a previous business owner, and because Ragnarok is a startup and not a DAO, our initial plan was never to operate our finances in public, which is why we have historically been closed and unwilling to share full accounting of our balance sheet." As the post went on, it became clear there might be other reasons they were reticent to publish it.

The post revealed that Fanfaron had lost $1.827 million buying ETH during the crypto downturn: "I made mistakes by buying ETH multiple times when I thought it was an advantageous investment for the project, but then to protect downside risk and with the plan to reinvest at a better time, I sold our position in ETH, multiple times.."

It also revealed that the project is paying its team members apparently enormous salaries: $5.4 million in team compensation, plus another $1.5 million spent to buy out a co-founder. "We're a scrappy startup," he wrote, after also acknowledging that he pays himself $50,000 a month ($600,000 a year) — a number he already reduced by $600,000 from his original salary of $1.2 million per year. He ultimately promised in the post to pay back his trading losses.

As for the game, well, it exists, which means it's already ahead of a lot of crypto games. They launched an alpha version of the game in late July after multiple delays, with Fanfaron explaining, "Our vision was to create something similar to WoW... we were, however, overeager and optimistic with regards to how much time it takes to create such a world." The alpha is a multiplayer pixel art world where characters can walk around and talk to each other, and interact with buildings. Battling, leveling, quests, missions, and breeding are apparently all yet to come.

Indian financial crimes authority searches the offices of CoinSwitch, the country's largest crypto company

Financial crime agents from India's Directorate of Enforcement searched the offices of CoinSwitch and the residences of some of its executives. CoinSwitch is the largest crypto company in India, and is backed by Andreessen Horowitz, Tiger Global, and Coinbase Ventures.

According to the CEO, there's nothing to worry about, the search had nothing to do with money laundering (that's specific), and the agency only executed the search to learn more about its business model and user onboarding. Seems like a pretty weird way to do that, but what do I know.

TechCrunch, however, reported that four people familiar with the investigation stated the investigation was to do with potential violations of foreign exchange laws, and that the agency suspects CoinSwitch acquired $200 million in shares in violation of forex laws.

eth.link service about to go offline because domain owner is in prison

Some people might be familiar with ENS, the "Ethereum Name Service", which seeks to be a web3 equivalent of DNS. If you've seen people with usernames ending in .eth, that's an ENS address. The problem is that .eth is not a functional top-level domain, and so many services relied on eth.link to surface these DNS records to other services.

However, the eth.link domain is only rented for a set period of time and needs to be renewed. ENS DAO tweeted that the domain's owner, Virgil Griffith, is "unavailable". By this, they mean that he is currently serving his first of five years in prison for helping North Korea evade sanctions. With Griffith "unavailable", the project has found itself at the mercy of GoDaddy. Welcome to the decentralized web3 we've all been promised!

Although GoDaddy previously allowed another person to renew the domain on Griffith's behalf, they reversed that decision, and now say they intend to allow the domain to expire on September 5.

The ENS DAO issued a series of tweets urging people to switch to a different service, given the risk that the domain could be snapped up. "If the name expires and is acquired by someone with ill intent, the damage they could do via phishing is substantial - so please update your links and alert your users of the issue immediately," they wrote.

The latest Pokémon-themed rug pull nets $708,000

It's not much compared to at least three separate crypto Pokémon ripoffs since February that have each taken millions, but apparently the love of Pokémon still drew people in to the tune of $708,000.

One might think the blatant rip-off of the Pokémon IP (which belongs to a notoriously litigious company) might have been a red flag, but nevertheless, people bought in to PokémonFi — a play-to-earn game that seems like a much worse version of the original thing.

The project and tokens first launched in April. After apparently running off with the money, the project deleted its Twitter account, though its website remained live.

Researcher zachxbt alleges that teenager who stole crypto worth $37 million in 2020 is responsible for a spate of crypto-related Twitter hacks

BirdPartner - The Secret Twitter Panel
Today, I will start to lease out access to my exclusive Twitter panel. This support hub allows you to request usernames, ban accounts, restore access to stolen/locked accounts, report instances of rule violations, and more.
Due to the extreme nature and power of the panel, access will be restricted to a limited amount of users at once. There are several packages; each becoming more discounted the bigger package you buy.Post on SWAPD advertising access to Twitter panel (attribution)
In 2020, a Canadian teenager used SIM swapping to steal US$37 million in Bitcoin and Bitcoin Cash from a single person. Canadian police announced his arrest in November 2021 after he tried to buy a rare gaming username, also writing that they had seized around $5 million of the stolen funds.

Now, crypto investigator zachxbt thinks the same individual is indirectly responsible for a slew of compromised Twitter accounts that have then been used to promote crypto scams, including those of Beeple, DeeKay, and others. According to zachxbt, he has been selling access to a Twitter admin panel, which allows employee-level access to Twitter tools. This might explain how many of the accounts were compromised despite being protected by multi-factor authentication. According to zachxbt, "It's still unclear as to how Redman gained access to the panel to make elevated requests & reset passwords. As of now it appears the method stopped working".

10% of Ethereum nodes at risk of being booted from cloud hosting provider

The virtual server provider Hetzner posted a clarification that using its service to mine Ethereum — either in its current form or in the promised proof-of-stake version — violates its terms of service and that the company has been "internally discussing how we can best address this issue".

16% of all hosting nodes (a category that makes up 62% of all nodes by network type) are hosted with Hetzner — 10% of all nodes. If 10% of all Ethereum nodes being supported by one company sounds awfully centralized to you, wait til you hear that 30% run on Amazon services.

SudoRare NFT exchange rug pulls for $820,000

Six hours after its launch, the team behind the new SudoRare NFT exchange took the money and ran, deleting the project website and social media. People had already warned about issues in the project contract that signaled it could be a scam, but those were either unseen or unheeded by the people who put a collective $820,000 of various tokens into the project.

At least one of the scammer wallets interacted with the Kraken crypto exchange, a U.S.-based exchange that requires KYC, so it's possible that Kraken could help identify the scammers — though they've not made any public moves to do so.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.